Why Fraud Mitigation Can’t Wait: Confronting the Surge in Cybercrime
Fraud mitigation refers to the proactive steps and strategies organizations implement to reduce the risk and impact of fraudulent activities, particularly in the cyber domain. In today’s increasingly digital economy, fraud is no longer confined to isolated incidents; it has become an endemic form of cybercrime. It has evolved into a sophisticated, constantly shifting ecosystem that targets individuals, businesses and financial systems through digital channels. Fraud imposes a significant and growing financial burden on businesses and consumers alike. In 2024, financial fraud losses reached a record $12.5 billion, marking an alarming 25% year-over-year increase, according to the U.S. Federal Trade Commission (FTC). Effective fraud mitigation goes beyond basic prevention to include detection, response and long-term resilience, relying on intelligence, automation and broad external visibility.
From social engineering schemes to coordinated dark web campaigns, cybercriminals are exploiting human and technical vulnerabilities at scale. A deeper understanding of how fraud operates is critical for organizations across all industries. Read on to learn how your organization can mitigate fraud and reduce the associated risks.
Understanding the Fraud Landscape
The fraud landscape is dynamic and includes a range of online scams and crimes targeting individuals and businesses for financial gain. Common types include:
- Identity theft: Criminals steal personal information (name, address, national ID number, etc.) to open credit cards, apply for loans or commit other financial crimes using the victim’s name and personal details. This information is often obtained through data breaches, phishing emails or even physical document theft. Once exploited, it can significantly damage the victim’s credit history and financial reputation. Victims may face months or even years of work to clear their records and recover stolen funds.
- Investment fraud: Scammers use various tactics, including phishing and impersonation, to lure victims into investing in fake schemes or Ponzi schemes, promising high returns that never materialize. These schemes can appear highly professional, with fake websites, glossy brochures and fraudulent testimonials designed to build credibility. In some cases, scammers exploit social media or messaging apps to create urgency and fear of missing out (FOMO), pushing victims to act quickly without proper due diligence.
- Account takeover fraud: After obtaining login credentials, criminals gain access to the victim’s financial accounts and make unauthorized transactions. They may change passwords, update contact information, or add new beneficiaries to facilitate theft. Some attackers use automated bots to test credentials leaked in previous breaches across multiple platforms, a tactic known as credential stuffing.
- Business email compromise (BEC): Cybercriminals impersonate business executives or suppliers in emails, tricking employees into making fraudulent wire transfers. These emails often appear legitimate and may mimic known communication styles, include realistic-looking invoices, or reference real business deals. Attackers often conduct prior research to time their fraud attempts for maximum credibility and financial gain.
- Additional online scams: This broad category encompasses various online scams like romance scams, advance fee fraud (a type of confidence trick where a fraudster promises a large sum of money or other benefits in exchange for an upfront payment), and online shopping fraud, where criminals use deceptive tactics to obtain money or personal information. Romance scammers frequently use dating platforms and social media to create fake personas and emotional bonds with victims before requesting money. Advance fee scams often cite inheritance claims, lottery winnings or business opportunities, while online shopping scams may involve fake storefronts or counterfeit product listings that disappear once payment is made.
- Credit card fraud: Cybercriminals steal credit card information through various methods, including skimming devices at ATMs or payment terminals, as well as tactics such as data breaches or keylogging that bypass organizations’ security measures. Once obtained, this information can be used for unauthorized purchases or sold on the dark web to other criminals. Fraudulent activity may initially be small to avoid detection, escalating quickly once the account is confirmed to be active.
Credit card fraud represents one of the most mature and industrialized forms of financial cybercrime. In the following section, we’ll explore how this ecosystem operates in practice—based on threat intelligence insights gathered by LUMINAR, Cognyte’s AI-powered external threat intelligence solution.
Inside the Carding Ecosystem
Credit card fraud remains one of the most mature and lucrative segments of the financial fraud world. One of the key pillars supporting this ecosystem is carding: the illegal acquisition, trafficking and use of stolen credit card data.
One of the primary goals of carding is to determine which stolen credit card numbers are valid and can be used to make unauthorized purchases. This process is typically carried out by bots, automated software designed to rapidly test and validate card details across online platforms.
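An added example, not from the original article or from LUMINAR: a merchant-side velocity check that flags the bot-driven card validation described above, where one source tries many distinct cards with a high decline rate inside a short window. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them against your own traffic.
WINDOW_SECONDS = 300
MIN_DISTINCT_CARDS = 5
MIN_DECLINE_RATIO = 0.6


def detect_card_testing(events, window=WINDOW_SECONDS,
                        min_cards=MIN_DISTINCT_CARDS,
                        min_decline_ratio=MIN_DECLINE_RATIO):
    """Return {source: first_alert_ts} for sources whose recent authorization
    attempts look like automated card validation.

    events: iterable of (ts, source, card_token, approved), sorted by ts.
    """
    recent = defaultdict(deque)  # source -> deque of (ts, card_token, approved)
    alerts = {}
    for ts, source, card, approved in events:
        q = recent[source]
        q.append((ts, card, approved))
        # Drop attempts that have fallen out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct_cards = {c for _, c, _ in q}
        declines = sum(1 for _, _, ok in q if not ok)
        if (source not in alerts
                and len(distinct_cards) >= min_cards
                and declines / len(q) >= min_decline_ratio):
            alerts[source] = ts
    return alerts


# Constructed sample data: card tokens are opaque placeholders, not card numbers.
SAMPLE_EVENTS = sorted(
    # One source cycling through many cards, mostly declined.
    [(10 * i, "src-A", f"tok-{i:03d}", i % 5 == 0) for i in range(12)]
    # A returning customer retrying the same card once.
    + [(5, "src-B", "tok-900", False), (40, "src-B", "tok-900", True)]
    # A shared network with several customers, nearly all approved.
    + [(15 * i, "src-C", f"tok-8{i:02d}", i != 2) for i in range(6)]
)

if __name__ == "__main__":
    for source, ts in detect_card_testing(SAMPLE_EVENTS).items():
        print(f"possible card testing from {source} at t={ts}s")
```

Requiring both many distinct cards and a high decline ratio keeps a busy shared network (src-C) and a single customer retry (src-B) from alerting.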
The carding ecosystem thrives in hidden corners of the internet such as dark web forums, underground markets and Telegram channels. These platforms facilitate:
- Sale of stolen credit card data – categorized by country, bank or card type
- Carding tools – such as bots, keyloggers and malware used to test and automate transactions, allowing criminals to easily and quickly scale their fraud schemes
- Related services – including credit card validation and cash-out techniques
- Knowledge sharing – where cybercriminals exchange guides, tutorials and fraud tips, including how to evade detection

According to data gathered by LUMINAR, stolen credit card data remains a persistent threat traded across dark web marketplaces and group messaging platforms, posing a continuous challenge for businesses and financial institutions.

How Carding Reflects Larger Fraud Trends
What happens in carding forums doesn’t stay there. These tactics often reflect or inspire broader fraud techniques. The following are recent tools and strategies detected by LUMINAR:
- Ghost tap apps: Subscription-based Android apps first seen in late 2024, used to cash out stolen card data linked to mobile wallets. Attackers relay NFC signals to POS terminals globally using “mules,” spreading small payments, often below $500, across retailers to avoid detection. LUMINAR detected a rise in subscription-based Android ghost tap apps, marketed by several Chinese cybercrime groups on Telegram.[1]
- Devices with Fraudulent Wallets: Several China-based smishing (SMS phishing) groups operate a scheme in which they load stolen digital wallets on mobile devices and sell them via Telegram. The devices are sold in bulk, for hundreds of dollars per device. These devices, once held for months, are now sold or used within 7–10 days, indicating faster fraud cycles and monetization.
- Counterfeit Card Images: Phishing victims’ card data is transformed into digital images by Chinese fraud groups, then scanned into Apple Pay or Google Wallet. These images trigger OTPs (one-time passwords), enabling enrollment of stolen cards into legitimate payment platforms.
These examples reveal how fraudsters continuously adapt tools and strategies across payment methods, platforms and geographies, posing strategic threats far beyond individual stolen cards.
The Role of External Threat Intelligence in Fraud Mitigation
External cyber threat intelligence (CTI) plays a critical role in helping organizations stay ahead of fraud. By providing early insights into malicious activity beyond the organization’s perimeter, CTI enables faster detection, smarter prevention, and stronger response.
Here’s how CTI supports a more proactive approach to fraud mitigation:
1. Identifying Fraudulent Activity:
- Early Warning System: CTI provides early warnings by identifying indicators of malicious activity such as phishing domains, data leaks and impersonation attacks.
- Trend Analysis: By analyzing trends and patterns in fraudulent activity, organizations can understand how fraudsters operate and adapt their defenses accordingly.
- Proactive Monitoring: Organizations can monitor threats in real-time, allowing them to detect and respond to fraud attempts before they cause significant damage.
2. Enhancing Fraud Detection and Prevention:
- Targeted Detection: CTI allows organizations to correlate transactional data with known indicators of fraud, enabling them to identify and flag suspicious transactions more effectively.
- Real-time Response: Organizations can respond to fraud attempts in real-time, potentially halting or scrutinizing transactions as they occur.
3. Strengthening Incident Response:
- Faster Response Times: CTI provides timely insights into attack vectors and adversary techniques, enabling faster and more precise incident response.
- Targeted Remediation: By understanding the methods used by fraudsters, organizations can implement targeted remediation strategies to address vulnerabilities and prevent future attacks.
4. Protecting Customer Data and Brand Reputation:
- Safeguarding Customer Information: Organizations can protect customer data from theft and misuse, minimizing the risk of fraud and reputational damage.
- Preventing Credential Stuffing: By identifying and mitigating credential stuffing attacks, organizations can prevent unauthorized access to customer accounts.
- Brand Protection: Organizations are better equipped to protect their brand reputation by identifying and preventing impersonation attacks and other malicious activities.
5. Meeting Regulatory Requirements:
- Compliance: Organizations can meet regulatory requirements related to fraud prevention and data protection, such as the Network and Information Security 2 Directive (NIS2).
Why Traditional Fraud Mitigation Tools Fall Short
Most traditional fraud tools are designed for investigating specific incidents or targets, such as flagging a suspicious transaction or reviewing a fraudulent email. While useful for forensic work, these tools lack the scope and scale needed to uncover larger patterns and systemic trends. They often operate in silos, don’t leverage advanced automation or external intelligence and rely heavily on manual investigation.
In contrast, modern fraud mitigation demands real-time visibility into threat actor behavior, trend tracking across platforms (including dark web and encrypted messaging apps), and AI-powered analytics that surface connections human analysts might miss.
How LUMINAR Powers Proactive Fraud Mitigation
As fraud evolves, mitigation strategies must advance in step. LUMINAR, Cognyte’s AI-powered external threat intelligence solution, helps financial institutions and organizations proactively identify and disrupt fraud before it causes damage.
The following are examples of how LUMINAR specifically supports fraud mitigation:
- Monitors and analyzes dark web carding markets: LUMINAR’s Credit Card Fraud Mitigation Module continuously scans underground forums, marketplaces, and group chats to identify compromised card data—enabling proactive cancellation and reduced exposure.
- Analyzes threat actor tools and TTPs: LUMINAR tracks fraud-enabling malware, bots, and social engineering kits, delivering insights into attacker behavior and tactics, techniques, and procedures (TTPs). This intelligence supports faster detection and tailored defenses.
- Empowers customer and employee education: By exposing the latest fraud tactics—like phishing lures and carding scams—LUMINAR helps organizations train staff and inform customers, reducing the success rate of social engineering attacks.
LUMINAR Credit Card Fraud Mitigation Module
Analyze threat actor tools and TTPs: Monitor malware, bots and social engineering kits to provide actionable insights based on current attacker behavior. The LUMINAR research team carries out a comprehensive analysis of relevant threat actor tools and tactics, techniques and procedures (TTPs) with the goal of raising threat intelligence awareness related to the financial fraud landscape, allowing for proactive mitigation of fraud threats.
Empower customer and employee education: Awareness of common fraud tactics, such as phishing and carding, is essential to building resilient defenses and preventing entry points for phishing or social engineering attacks.
Looking Ahead: Fraud in the Era of GenAI
Fraud tactics will continue to evolve, especially with the growing accessibility of generative AI and large language models (LLMs). From deepfake voice scams (vishing) to synthetic identity generation, fraudsters are already weaponizing these technologies to enhance deception and scale attacks faster than ever before.
To stay ahead, organizations must embrace proactive, intelligence-led mitigation strategies that combine automation, external visibility and real-time monitoring.
Fraud is no longer a series of isolated events; it’s an interconnected, fast-moving ecosystem. By understanding the broader landscape and focusing on real-time, AI-powered external threat intelligence, organizations can move from reacting to fraud to preventing it. Whether it’s stopping stolen card usage or identifying a shift in smishing tactics, proactive fraud mitigation is not just about protection; it’s about staying ahead of the next threat wave.
Learn how LUMINAR can help your organization proactively mitigate fraud.